September 14, 2010

In Perspective: Alleged Snooping at Teens' Data by Google Engineer

Greetings. While I believe it's fair to say that Gawker sometimes exhibits what appears to be a noticeable anti-Google bias, today they published a very troubling article that's impossible to ignore, alleging that a (now reportedly fired) Google employee used his privileges as a Site Reliability Engineer (SRE) to inappropriately access the private files of Google users, including minors. (An ongoing independent discussion thread on this topic is also available.)

Google has now confirmed the firing, has noted that this is the second such firing for a similar offense, and says that it will increase auditing of its logs.

Of course, Google is not the first Internet firm to be faced with such a situation. Nor should cases of individual rogue employees be used to spew forth accusations of Google being evil, not caring about user privacy, or some of the other unfounded claims I'm already seeing popping up around the Net associated with this situation.

Trust in these cloud-based systems and the individuals who design, operate, and maintain them is paramount.

Given the possibilities of litigation related to the current case, it is perhaps understandable that Google has apparently not been volunteering many specific details regarding these allegations and the accused employee.

However, transparency regarding policies and procedures related to employee access to Google-based data is another matter -- and this is an area where it would behoove Google to be as direct as possible with its users and the public at large. This includes providing information with the maximum specificity that is consistent with good security practices.

Among the key factors that are important to users' continued faith in the privacy and security of their information on Google services (both Google "standard" and the new "Google government services" platforms):

- Who at Google has access to Google users' content data?

- Under what conditions are Google employees officially authorized to access such data?

- Can an individual at Google access such data on their own without specific "need-to-know" authorization for specific cases, and without the oversight of any other employees during such access itself?

- What technical measures are in place to control Google employees' access to users' content data and to limit the possibilities of abuse?

- What reporting and/or logging mechanisms, and any associated audit procedures, are in place to routinely track (in real-time or retrospectively) employee access to such user content data?

A breach of the sort alleged in this case is certainly disconcerting, but no system is 100% secure.

Of more lasting concern and importance is assurance that Google's procedures, policies, and technologies associated with protection of user content data -- from both external and internal threats -- both are and remain adequate to their critical tasks, and that Google is sufficiently forthcoming about these issues.

While it is not necessarily desirable nor practical for the nitty-gritty details of security procedures to be publicly known in every instance, there is often a great deal of relevant information short of that threshold that can and should be safely made publicly available.

By definition, cloud computing resources are not under our individual direct control. Faith alone is not enough to encourage confidence in the security and privacy of these environments. It is incumbent on Google and all other Web services firms to be maximally transparent on these matters at all times.

The alternative is to risk concern among loyal users, smoldering embers of distrust among many potential users, and damaging conspiracy theories courtesy of your adversaries.